https://community.checkpoint.com/t5/AI-Agents-Security/Lakera-Videos-Breaking-Point-EP6-OmniChat-Desktop-When-Metadata/m-p/261572#M19 <P><SPAN>Agentic systems are getting wild and in Episode 6 of Breaking Point, I dive into a real desktop chatbot that uses the Model Context Protocol (MCP)… and show how metadata alone can bend the agent to my will. </SPAN></P> <P><SPAN>This isn’t a jailbreak. It’s worse. </SPAN></P> <P><SPAN>We’re talking indirect prompt injection. Influencing the agent not through what the user says… but through the tools it trusts. MCP promises “superpowers” for agents. </SPAN></P> <P><SPAN>What it really unlocks? A much bigger attack surface. </SPAN></P> <P><SPAN>In this episode I explore OmniChat Desktop, a weather-fetching app powered by third-party MCP servers — where simple tool descriptions look almost indistinguishable from system prompts. </SPAN></P> <P><SPAN>And when an agent can’t tell data from instructions… you already know where this is going. </SPAN></P> <P><SPAN><span class="lia-unicode-emoji" title=":warning:">⚠️</span> No spoilers, but let’s just say metadata should not be trusted.</SPAN></P> <P><SPAN><div class="video-embed-center video-embed"><iframe class="embedly-embed" src="https://cdn.embedly.com/widgets/media.html?src=https%3A%2F%2Fwww.youtube.com%2Fembed%2FWWejUTnqY24%3Ffeature%3Doembed&amp;display_name=YouTube&amp;url=https%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3DWWejUTnqY24&amp;image=https%3A%2F%2Fi.ytimg.com%2Fvi%2FWWejUTnqY24%2Fhqdefault.jpg&amp;type=text%2Fhtml&amp;schema=youtube" width="200" height="112" scrolling="no" title="Breaking Point EP6: OmniChat Desktop - When Metadata Becomes the Attack" frameborder="0" allow="autoplay; fullscreen; encrypted-media; picture-in-picture;" allowfullscreen="true"></iframe></div></SPAN></P> Fri, 31 Oct 2025 11:05:40 GMT _Val_ 2025-10-31T11:05:40Z https://community.checkpoint.com/t5/AI-Agents-Security/Lakera-Videos-Breaking-Point-EP6-OmniChat-Desktop-When-Metadata/m-p/261572#M19 <P><SPAN>Agentic systems are getting wild and in Episode 6 of Breaking Point, I dive into a real desktop chatbot that uses the Model Context Protocol (MCP)… and show how metadata alone can bend the agent to my will. </SPAN></P> <P><SPAN>This isn’t a jailbreak. It’s worse. </SPAN></P> <P><SPAN>We’re talking indirect prompt injection. Influencing the agent not through what the user says… but through the tools it trusts. MCP promises “superpowers” for agents. </SPAN></P> <P><SPAN>What it really unlocks? A much bigger attack surface. </SPAN></P> <P><SPAN>In this episode I explore OmniChat Desktop, a weather-fetching app powered by third-party MCP servers — where simple tool descriptions look almost indistinguishable from system prompts. </SPAN></P> <P><SPAN>And when an agent can’t tell data from instructions… you already know where this is going. </SPAN></P> <P><SPAN><span class="lia-unicode-emoji" title=":warning:">⚠️</span> No spoilers, but let’s just say metadata should not be trusted.</SPAN></P> <P><SPAN><div class="video-embed-center video-embed"><iframe class="embedly-embed" src="https://cdn.embedly.com/widgets/media.html?src=https%3A%2F%2Fwww.youtube.com%2Fembed%2FWWejUTnqY24%3Ffeature%3Doembed&amp;display_name=YouTube&amp;url=https%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3DWWejUTnqY24&amp;image=https%3A%2F%2Fi.ytimg.com%2Fvi%2FWWejUTnqY24%2Fhqdefault.jpg&amp;type=text%2Fhtml&amp;schema=youtube" width="200" height="112" scrolling="no" title="Breaking Point EP6: OmniChat Desktop - When Metadata Becomes the Attack" frameborder="0" allow="autoplay; fullscreen; encrypted-media; picture-in-picture;" allowfullscreen="true"></iframe></div></SPAN></P> Fri, 31 Oct 2025 11:05:40 GMT https://community.checkpoint.com/t5/AI-Agents-Security/Lakera-Videos-Breaking-Point-EP6-OmniChat-Desktop-When-Metadata/m-p/261572#M19 _Val_ 2025-10-31T11:05:40Z https://community.checkpoint.com/t5/AI-Agents-Security/Lakera-Videos-Breaking-Point-EP6-OmniChat-Desktop-When-Metadata/m-p/261574#M20 <P>Awesome</P> Fri, 31 Oct 2025 11:37:32 GMT https://community.checkpoint.com/t5/AI-Agents-Security/Lakera-Videos-Breaking-Point-EP6-OmniChat-Desktop-When-Metadata/m-p/261574#M20 the_rock 2025-10-31T11:37:32Z